My server manages several websites with different domains using Apache. The first time I used Let’s Encrypt I followed the default command, which created one certname for ALL my domains.
Now I want to remove just one domain from this certificate, and it becomes complicated to understand how to do it. The best solution is to create a new certificate for each of my domains, and then to delete the original certname.
Let’s say my certname is called www.example.com and it contains the below domains:
- www.example.com
- example.com
- blog.example.com
- other-example.com
- www.other-example.com
- my-other-domain.com
- www.my-other-domain.com
- api.test.com
The one I don’t need anymore is *.my-other-domain.com.
First, we create a certificate individually for each domain that we want to keep:
certbot --apache --cert-name example.com -d example.com,www.example.com,blog.example.com
certbot --apache --cert-name other-example.com -d other-example.com,www.other-example.com
certbot --apache --cert-name test.com -d api.test.com
--cert-name lets us give our own name to the certificate, and -d indicates which domains should be added to this certificate.
Then we can list all our certificates:
certbot certificates
Using the above command you can find the Certificate Path, and now we can delete our original certificate:
certbot revoke --cert-path /etc/letsencrypt/live/www.example.com/fullchain.pem
You’re all set! All your domains should still have a correct certificate, and you revoked the ones you don’t need anymore.
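A check worth running before the revoke step above, shown as an added example that is not part of the original post: it lists any active Apache SSLCertificate* directive that still points at the old www.example.com lineage, so the certificate is not revoked while a virtual host is still serving it. The function names and the sample vhost files are constructed for illustration, and /etc/letsencrypt/live is assumed to be the lineage directory, as in the path used above.

```shell
# Added example: pre-revocation check for Apache vhosts (not from the original post).
LIVE_DIR=/etc/letsencrypt/live   # assumed lineage directory, as in the revoke path above

# Print every active (uncommented) SSLCertificate* directive under $1
# that still points at the lineage named $2.
old_cert_refs() {
    conf_dir=$1 certname=$2
    grep -rnE '^[[:space:]]*SSLCertificate(File|KeyFile|ChainFile)[[:space:]]' "$conf_dir" 2>/dev/null \
        | grep -F "$LIVE_DIR/$certname/"
}

# Succeed only when no vhost references the old lineage any more.
safe_to_revoke() {
    if refs=$(old_cert_refs "$1" "$2"); then
        printf 'still in use:\n%s\n' "$refs" >&2
        return 1
    fi
    return 0
}

# Constructed sample: two vhost files as they might look part-way through the migration.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/example.com-le-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName example.com
    # SSLCertificateFile $LIVE_DIR/www.example.com/fullchain.pem
    SSLCertificateFile $LIVE_DIR/example.com/fullchain.pem
    SSLCertificateKeyFile $LIVE_DIR/example.com/privkey.pem
</VirtualHost>
EOF
    cat > "$d/test.com-le-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName api.test.com
    SSLCertificateFile $LIVE_DIR/www.example.com/fullchain.pem
    SSLCertificateKeyFile $LIVE_DIR/www.example.com/privkey.pem
</VirtualHost>
EOF
    echo "$d"
}

sample=$(make_sample)
if safe_to_revoke "$sample" www.example.com; then
    echo "no vhost uses www.example.com; revoke can proceed"
else
    echo "fix the vhosts listed above first"
fi
rm -rf "$sample"
```

On a real server, call safe_to_revoke with your Apache configuration directory instead of the sample directory; the trailing slash in the match keeps example.com and www.example.com from being confused with each other.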